Wfquery
From Wiki of WFilter NG Firewall
(Difference between revisions)
| Line 4: | Line 4: | ||
* Web Surf | * Web Surf | ||
* Web Post | * Web Post | ||
| − | |||
* Outgoing Emails | * Outgoing Emails | ||
* Incoming Emails | * Incoming Emails | ||
| − | |||
* File Upload History | * File Upload History | ||
* File Download History | * File Download History | ||
| Line 32: | Line 30: | ||
For every client, multiple policies can be applied. For example: | For every client, multiple policies can be applied. For example: | ||
* A policy: record web surfing for a whole subnet. | * A policy: record web surfing for a whole subnet. | ||
| − | * B policy: enable " | + | * B policy: enable "email recording" for a special IP in this subnet. |
| − | For this ip, both "web surfing recording" and " | + | For this ip, both "web surfing recording" and "email recording" will be enabled. |
Besides the applied to "clients" and "time", detailed "recording policy" settings are described in below. | Besides the applied to "clients" and "time", detailed "recording policy" settings are described in below. | ||
=== Web Recording === | === Web Recording === | ||
| − | * '''Web Surf''': record titles of visited web pages for http websites. For https websites, only domains will be recorded. To record https webpages, please | + | * '''Web Surf''': record titles of visited web pages for http websites. For https websites, only domains will be recorded in default. To record https webpages, please check [[SSLInspect|"SSL Inspector"]]. |
| − | * '''Web Post''': record web post content for http websites. To record https | + | * '''Web Post''': record web post content for http websites. To record https websites posts, please check [[SSLInspect|"SSL Inspector"]]. |
* '''Web Post Size Limit''': no recording of web post exceeds size limit. | * '''Web Post Size Limit''': no recording of web post exceeds size limit. | ||
| − | |||
* '''Smart Filter''': With this feature enabled, WFilter will not record visits by non-human. (Not 100% accurate) | * '''Smart Filter''': With this feature enabled, WFilter will not record visits by non-human. (Not 100% accurate) | ||
* '''Domains Exception''': no recording of domains in the exception list. Wildcards "*?" are supported. | * '''Domains Exception''': no recording of domains in the exception list. Wildcards "*?" are supported. | ||
| + | |||
[[File:Wfrecorder_setweb_en2.png|650px]] | [[File:Wfrecorder_setweb_en2.png|650px]] | ||
| Line 52: | Line 50: | ||
* Emails supported: SMTP, POP3, IMAP4 and outgoing web-based emails. | * Emails supported: SMTP, POP3, IMAP4 and outgoing web-based emails. | ||
* For emails exceed size limit, only subject/from/to will be recorded. | * For emails exceed size limit, only subject/from/to will be recorded. | ||
| − | + | * To record ssl emails(SMTP/POP/IMAP over SSL), please check [[SSLInspect|"SSL Inspector"]]. | |
| − | * To record ssl emails(SMTP/POP/IMAP over SSL), | + | |
* STARTTLS of SMTP/POP3/IMAP can not be recorded. | * STARTTLS of SMTP/POP3/IMAP can not be recorded. | ||
Revision as of 11:34, 3 December 2018
Contents |
1 Internet Usage Monitoring
The "Internet Usage Monitoring" module records internet activities, including:
- Web Surf
- Web Post
- Outgoing Emails
- Incoming Emails
- File Upload History
- File Download History
- IM Accounts
- FTP/Telnet Sessions
- IP-MAC History
This module works both in "gateway mode" and "bridge mode". Enterprise license is required.
2 Recording Policy
For every client, multiple policies can be applied. For example:
- A policy: record web surfing for a whole subnet.
- B policy: enable "email recording" for a special IP in this subnet.
For this ip, both "web surfing recording" and "email recording" will be enabled.
Besides the applied to "clients" and "time", detailed "recording policy" settings are described in below.
2.1 Web Recording
- Web Surf: record titles of visited web pages for http websites. For https websites, only domains will be recorded in default. To record https webpages, please check "SSL Inspector".
- Web Post: record web post content for http websites. To record https websites posts, please check "SSL Inspector".
- Web Post Size Limit: no recording of web post exceeds size limit.
- Smart Filter: With this feature enabled, WFilter will not record visits by non-human. (Not 100% accurate)
- Domains Exception: no recording of domains in the exception list. Wildcards "*?" are supported.
2.2 Email Recording
- Emails supported: SMTP, POP3, IMAP4 and outgoing web-based emails.
- For emails exceed size limit, only subject/from/to will be recorded.
- To record ssl emails(SMTP/POP/IMAP over SSL), please check "SSL Inspector".
- STARTTLS of SMTP/POP3/IMAP can not be recorded.
2.3 File Transfers
- File transfers supported: FTP upload, FTP download, Web download, Web upload.
- WFilter only records filenames/URLs of downloaded files. While full file content can be recorded for uploading files.
- For uploading files exceed size limit, only filenames can be recorded.
- To record files via https, you need to enable "HTTPS Inspector".
2.4 Others
Options to enable IM acounts and FTP/Telnet sessions.
- Only QQ messenger IDs can be recorded.
- When "FTP/Telnet Sessions" is enabled, sent FTP/Telnet commands can be recorded.
3 Advanced Settings
3.1 SSL Certificate
- This "SSL Certificate" will replace remote server's certificate for SSL interception.
- When "HTTPS Inspector" is enabled, there will be a certificate warning in the client browser. You may download and import this certificate into "trusted root certification authorities store" to silence client browser.
- You can click "Replace" to generate a new certificate.
3.2 System
- Enable Debug: write debug logs for diagnose.
- Database Commit: the database commit frequency.
- Additional Webmail Domains: Custom webmails to be recorded.
4 SSL Inspection
SSL Inspection is based on [Man-in-the-middle attack]. It redirects SSL connections to a local SSL server, so it can intercept the ssl traffic. Though it can decode SSL traffic, there are some disadvantages you should know:
- Performance issue. Please check: SSL Inspector Performance
- Certificate warning issue. With https inspector enabled, there will be certificate warning. To silence client browser, please follow below steps to import WFilter's certificate into "trusted root certification authorities store" in client devices.
4.1 HTTPS Inspector
- There will be a certificate warning when visiting https websites. You may choose "continue to this website" to access this site, web surf and post will be recorded.
To get rid of this certificate warning, please follow below steps:
- Download WFilter's certificate
- Double click the "ca.crt" file, click "Install Certificate" and "Next". Enable "place all certificates in the following store" and choose "trusted root certification authorities". Then "Next" and "Finish".
- The certificate warning won't appear again.
- And this https visiting will be recorded.
4.2 SSL Email Inspection
There are three types of email connection.
- Plain text, emails can be recorded without "SSL Email Inspection".
- STARTTLS, even "SSL Email Inspection" can not record it.
- SSL/TLS, with "SSL Email Inspection" enabled, emails via SSL connections can be recorded.
Let's take "Mozilla Thunderbird" as an example:
Please notice: to record https web emails, you need to enable "HTTPS Inspector" for this https website.
